Menu
AWS SDK for Go
Developer Guide

Managing IAM Access Keys

This Go example shows you how to create, modify, view, or rotate IAM access keys. You can download complete versions of these example files from the aws-doc-sdk-examples repository on GitHub.

Scenario

Users need their own access keys to make programmatic calls to the AWS SDK for Go. To fill this need, you can create, modify, view, or rotate access keys (access key IDs and secret access keys) for IAM users. By default, when you create an access key its status is Active, which means the user can use the access key for API calls.

In this example, you use a series of Go routines to manage access keys in IAM. The routines use the AWS SDK for Go IAM client methods that follow:

Prerequisites

Create a New IAM Access Key

This code creates a new IAM access key for the IAM user named IAM_USER_NAME.

Create a new Go file named iam_createaccesskey.go. You must import the relevant Go and AWS SDK for Go packages by adding the following lines.

Copy
package main import ( "fmt" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/iam" )

Set up the session.

Copy
func main() { sess, err := session.NewSession(&aws.Config{ Region: aws.String("us-west-2")}, ) // Create a IAM service client. svc := iam.New(sess)

Call CreateAccessKey and print the results.

Copy
result, err := svc.CreateAccessKey(&iam.CreateAccessKeyInput{ UserName: aws.String("IAM_USER_NAME"), }) if err != nil { fmt.Println("Error", err) return } fmt.Println("Success", *result.AccessKey) }

List a User's Access Keys

In this example, you get a list of the access keys for a user and print the list to the console.

Create a new Go file named iam_listaccesskeys.go. You must import the relevant Go and AWS SDK for Go packages by adding the following lines.

Copy
package main import ( "fmt" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/iam" )

Set up a new IAM client.

Copy
func main() { sess, err := session.NewSession(&aws.Config{ Region: aws.String("us-west-2")}, ) // Create a IAM service client. svc := iam.New(sess)

Call ListAccessKeys and print the results.

Copy
result, err := svc.ListAccessKeys(&iam.ListAccessKeysInput{ MaxItems: aws.Int64(5), UserName: aws.String("IAM_USER_NAME"), }) if err != nil { fmt.Println("Error", err) return } fmt.Println("Success", result) }

Get the Last Use for an Access Key

In this example, you find out when an access key was last used.

Create a new Go file named iam_accesskeylastused.go. You must import the relevant Go and AWS SDK for Go packages by adding the following lines.

Copy
package main import ( "fmt" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/iam" )

Set up a new IAM client.

Copy
func main() { sess, err := session.NewSession(&aws.Config{ Region: aws.String("us-west-2")}, ) // Create a IAM service client. svc := iam.New(sess)

Call GetAccessKeyLastUsed, passing in the access key ID, and print the results.

Copy
result, err := svc.GetAccessKeyLastUsed(&iam.GetAccessKeyLastUsedInput{ AccessKeyId: aws.String("ACCESS_KEY_ID"), }) if err != nil { fmt.Println("Error", err) return } fmt.Println("Success", *result.AccessKeyLastUsed) }

Update Access Key Status

In this example, you delete an IAM user.

Create a new Go file with the name iam_updateaccesskey.go. You must import the relevant Go and AWS SDK for Go packages by adding the following lines.

Copy
package main import ( "fmt" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/iam" )

Set up a new IAM client.

Copy
func main() { sess, err := session.NewSession(&aws.Config{ Region: aws.String("us-west-2")}, ) // Create a IAM service client. svc := iam.New(sess)

Call UpdateAccessKey, passing in the access key ID, status (making it active in this case), and user name.

Copy
_, err := svc.UpdateAccessKey(&iam.UpdateAccessKeyInput{ AccessKeyId: aws.String("ACCESS_KEY_ID"), Status: aws.String(iam.StatusTypeActive), UserName: aws.String("USER_NAME"), }) if err != nil { fmt.Println("Error", err) return } fmt.Println("Access Key updated") }

Delete an Access Key

In this example, you delete an access key.

Create a new Go file named iam_deleteaccesskey.go. You must import the relevant Go and AWS SDK for Go packages by adding the following lines.

Copy
package main import ( "fmt" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/iam" )

Set up a new IAM client.

Copy
func main() { sess, err := session.NewSession(&aws.Config{ Region: aws.String("us-west-2")}, ) // Create a IAM service client. svc := iam.New(sess)

Call DeleteAccessKey, passing in the access key ID and user name.

Copy
result, err := svc.DeleteAccessKey(&iam.DeleteAccessKeyInput{ AccessKeyId: aws.String("ACCESS_KEY_ID"), UserName: aws.String("USER_NAME"), }) if err != nil { fmt.Println("Error", err) return } fmt.Println("Success", result) }